^ SANITIZED COPY 

( 



•? t 



DIRECTOR OF CENTRAL INTELLIGENCE DIRECTIVE NO. l/ll 

. . * ■ ■ 

SECURITY COMMITTEE . •• ."-- 

(Effective 23 August 1974) .-.•.-•. 

In support of the DCI's statutory responsibilities ana- of his efforts to 
improve the Intelligence Community's product and to achieve snore effi- 
cient use of intelligence resources, the community's security policies and 
procedures must be effective and consistent for the protection of intelH- 
' gence and of intelligence sources and methods, 2 and must ensure time- 
liness and economy in the handling of ccmpartmented information. 
Therefore, pursuant to provisions of Subsection 102 (d) of ths National 
Security Act of 1947, as amended, to provisions of NSCID 1 and to para- 
graph 2*b of NSAM 317, a new standing Committee of the USIB is hereby 
established. .... ...-...-..» 

1. Name of the Committee ; :j .-.; " 
). The committee will be known as the Security Committee. 

2. Mission . :..- ;. 

The mission of the committee is to provide the means by which the 
Director of Central Intelligence, with the advice of United States In- 
telligence Board principals, can: 

a. Ensure establishment of security policies and procedures Includ- 
ing recommendations for legislation for the protection of intelligence 
and intelligence sources and methods from unauthorized disclosure. 

b. Review and formulate personnel, physical and document security 
policies, standards and practices and dissemination procedures applica- 
ble to all government departments and agencies as such policies, stand- 
ards, practices and procedures relate to the protection of intelligence; 



4 Supersedes DCID 1/11, effective 23 April 1065 and DCID 1/12 effective 23 
December 1964. 

■The term Intelligence as used In this document applies only to Information. 
covered by statute, Executiva Order, or other authority consonant with the DCTs 
Statutory responsibility for foreign intelligence and for the protection of intelli- 
gence and intelligence sources and methods from unauthorized disclosure. 
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sources and methods in consideration of the effectiveness, risks and. 
cost factors involved. 

c. Review and formulate policies and procedures governing- the- re- 
lease of intelligence to foreign g07eranenb and international organiza- 
tions and the review of classified intelligence proposed for release to-' 
the public through declassification or other action. With respect to 
foreign disclosure, ensure that releases are in consonance with. U.S. 
security policy,/ ,, and that 
the intelligence itself is accorded a degree of protection equal to that 

.afforded by the United States. With respect to public release, ensure 
that disclosure or declassification actions are taken pursuant to prop er 
authority and that they are accomplished so as to minimise the risk ' 
to other intelligence sources and methods. 

d. Ensure that appropriate inves Ligations are made of any unauthor- 
ized disclosure or compromise of intelligence or of intelligence sources 

• and method^ and that the results of such investigations, along with, 
appropriate recommendations, are provided to the Director of Central 
Intelligence. .-•■-.... 



f. Review special security and compartmentation procedures a:n& 

• develop proposals for any necessary changes to achieve optimum use ^ 

. of intelligence consistent with protection of sensitive intelligence ( - 

sources and methods. 

g. Ensure the development, review and maintenance? of security - 
standards and procedures for the protection of intelligence stor.ed. in or ■_•_.*- 

• processed by computers. 

3. Functions . "....'. . . '- 

The functions of the committee are: '. • - " . :: - . 

•.. a. To advise and assist the Director of Central Intelligence as appro* ' • - -. • 
• -priate in the development and review of security policies, standards, . ''-.-- 

procedures and practices for the protection of intelligence and intelll- * 

gence sources and methods from unauthorized disclosures. • .....'"" ',..-'•-; 

b. To review, formulate and recommend to the Director of Central ■"***':'-.- 
Intelligence policies, standards and procedures' for the dissemination *•.'." . : -"- "•" 
of intelligence materials, for the release of such materials to foreign 
governments, and for the review of classified intelligence proposed, for - "-.- • 
use in unclassified activities. * • . '*-•.' 

c. On behalf of the Director of Central Intelligence, to call upon 
departments and agencies to investigate any unauthorized disclosure 
or compromise of intelligence or of intelligence sources- and methods 
occurring mthin their departments and agencies; to report i'a^ results 
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of these investigations to the Director of Central Intelligence,, through 
the United States Intelligence Board. Such reports will (1) assess the 
disclosure's impact on the U.S. intelligence process, audits implications 
for national security and foreign relations, (2) describe- corrective' 
measures taken or needed to prevent such disclosures in the future or 
to minirnize the adverse effects of the case at hand, and (3) recommend 
any appropriate additional actions. 

cL The functions of the committee as they relate to ! 
/ , computer security and special security com- 

partmentation are set forth in attachments 1, 2, and 3. _ .- 

4. Community Responsibilities 

■ - a. Upon request of the committee chairman, USES departments and 
agencies shall furnish to the committee within, established security 
safeguards particular information needed by the committee and perti- 
nent to its functions. Temporary material and ad hoc personnel sup- 
port will be provided to the committee as needed and as mutually 

* agreed upon by the departments and agencies represented on the com- 
mittee. 

b. Each USIB principal is responsible for investigation of any unau- 
thorized disclosure or compromise of intelligence or intelligence sources 
and methods occurring within his department or agency. When investi- 
gation determines that the possibility of compromise cannot be 6is^ 
A counted, and the interests of the USIB or another USIB principal, are 

involved or affected, the results of investigation will be forwarded to 
the Security Committee for review and possible remedial action as de- 
termined appropriate by the committee. 

5. Composition and Organization 

a. The committee will consist of a full-time chairman designated by 
the DCI, representatives of the chiefs of departments and agencies who 
are members of the USIB, and the.representatives of the Departments 
of the Army, Navy, and Air Force. The chairman may invite a repre- 
sentative of the chief of any other department or agency having' func- 
tions related to matters being considered by the committee to sit with 
the committee whenever matters within the purview of that depart- 
ment or agency are to be discussed. 

* b. The committee will be supported by 

subcommittees 
as needed and as approved by the DCI and by ad hoc "working groups 
as approved- by the chairman. The chairman of subcommittees will be 
designated by the committee chairman with the concurrence of the 
DCI. Membership on the subcommittees and ad hoc working groups 
need not be limited to member agencies of the committee, but may.be 
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extended by the chairman to representatives of other departments said. 
agencies having related functional responsibilities or support capabDi- 
ties. 

c The committee will have a full-time support staff to be provided 
by USIB departments and agencies as arranged and approved by the 
DCL 

6. Rules of Procedure •'.."•. 

a. The committee shall meet upon the call cf the chairman or at the 
request of any of its members. Items may be placed on the agenda hy 
the DCI or by the chairman or any member of the committee. - 

b. Decisions or recommendations mil be formulated by the chairman 
after giving consideration to the views of the members. At the request 
of a dissenting member, the chairman will refer the decision or rec- 
ommendation along with dissenting opinion or opinions to the DCL 



W. E. Colby 
Director of Central Intelligence 
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This attachment downgraded 

to UNCLASSIFIED by authority «3^^ 

of Sec 3(A), EO 11652 on 

12/16/76 by 246321 
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(Attachment 2) 

Computer Security 

The functions of the Security Committee include: 

(1) To review, formulate and recommend to the DCI policies, 
standards, and procedures to protect intelligence data stored or 
processed by computer. 

(2) To advise and assist the DCI, the Intelligence Community 
Staff, Committees of the United States Intelligence Board, USIB 
member agencies and departments, and other intelligence users 
with respect to all computer security issues and to resolve conflicts 
that may arise in connection therewith. 

(3) To formulate and recommend to the DCI. resource pro- 
gramming objectives for USIB departments and agencies in the 
field of computer security in consideration of current and foreseen 
vulnerabilities and threats and with regard for the effective and 
efficient use. of resources; to foster and to monitor an aggressive 
program of computer security, research and development in the 
Intelligence Community in order to avoid unwarranted duplication 
and to assure the pursuit of an effective effort at resolving techni- 
cal problems associated with the protection of computer operations. 

. (4) To coordinate all aspects of Intelligence Community efforts 
in defense against hostile penetration of Community computer 
systems as feasible to support other Government and national 
efforts aimed at improving computer security technology; to foster 
a coordinated program of Intelligence Community computer se- 
curity training and indoctrination. 

(5) To facilitate within the Intelligence Community the ex- 
change of information relating to computer security threats, vul- 
nerabilities, and countermeasures by providing a focal point for the 
evaluation of. foreign intentions and capabilities to exploit Com- 
munity computer operations, for central notification of hostile 
exploitation attempts, for the preparation of damage assessments 
of incidents of foreign exploitation of intelligence computer opera- 
tions, and for the formulation of Community policy on the release 
of computer security information to foreign governments and in- 
ternational organisations. 
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(6) To review, formulate and recommend minimum computer 
security sti-ndards, procedures and criteria as guidance for system 
design, evaluation and certification of acceptable levels of security 
for computer systems. 
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DIRECTOR OF CENTRAL INTELLIGENCE DIRECTIVE NO. 1/17 
"' • •-■'••.• • (Atracnmsn* 3) v * ; " ? "" "" • \ 

* • - •*•%•— -• --—— - . . -. ' — .^ . »... .. . „ . - #„ .. -V . v.". * • .*. •*•;.* * * * ■" — ■•**"'• 

CoiDparhnefrtatJon * " * * "". '* 

"*.•..••"•-••'• ... •• • • • •• '.- •-.- ••:""•• *-• - 

The functions of the Security Committee as they relate to compartmenta- 
tion controls are: 2 /• • . \- ■ : - '.- -.. .' . • • -~- .-. - 

" A. To develop and recommend to" the D CI, with 'the- advice- of' 
thei United States Intelligence Board, technical guidance for the estab- 
lishment, maintenance and improvement of coordinated compartmenta- 
tion systems. •••.-'. '• •.- :-. •••. ■•::'."•• - • - - . . . -.. 

(1) .Providing special protection to* sensitive* intelligence, in.-" 
' • . telHgence'infarrnation and intelligence sources and methods under 

. the authority of Section 9 of Ezecutive Order 11652. - • : -.- . : . - . . - j 

(2) :E&suring the establishment and disestablishment of com- 
partmantation of intelligence and intelligence information on ther 
instructions of the DCL 

(3) Ensuring coherent control by the DCI of the processes ■ 
for access approvals to compartmented intelligence and intelli- 

gence information and of the processes for dissemination, sanita- 
tion or release of such intelligence information. 

(4) Ensuring the establishment and promulgation or appro- 
priate criteria for security and need-to-know access approvals. 

B. To formulate, coordinate, maintain and promulgate- technical 
guidance for use in the administration of compartmentation controls 
at all echelons of department and agency; - " : / } activity; 

1 ' '. • '. [concerning: *< 

(1) Access approval criteria I ' -,•-"■ 

. (2) Physical Security. •• ; •' . :"'.'.-: 



*Tfce term "compartmentatlon , * as used in tins directive refers to the system. 
whereby special Intelligence Corrimmity controls indicating restricted hy»f*Hjog 
within collection programs and their end products are applied to certain typss- 
of Intelligence inicrmation and material. The term does not include- Restricted 
Data as defined in Section 11, Atomic Energy Act ol 195*/ as amended. _ .- • 
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(3) Document identification, handling, accountability and 
destruction. 

(4) Automatic data processing- and nssociated. materials. 
C. To furnish teclmical guidance and assistance | 
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i in connection with their sanitization, downgrading,, declassl- . . -5 

fication and decontrol responsibilities. 

• * 

D. To review and survey, when appropriate, with the cooperation: ...... 

and assistance of the TJSI3 Principal concerned, the security standards,. 
' practices and procedures employed by IJSI3 departments and agencies. • " - 

> in relation to approved compartmentation policies, . 

procedures and controls; and to make recommendations for practical • 
Improvements to the XJSI3 Principals concerned through the DCIL 

e. ____„! ^ 7 '*- 

. . j • • __ " •..-'•- 

F. To recomrrr,?^d security policies, in coordination with appropriate " ""'-.- 

USIB committees, governing the release or disclosure of compartmenteci 
intelligence / . 
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